CNNVD-202507-1854 Information
CNNVD ID
CNNVD-202507-1854
Related CVE
- CNNVD Published: 2025-07-14
Description (Chinese)
Avid NEXIS E-series等都是美国Avid公司的一款虚拟化存储平台。 Avid多款产品存在安全漏洞,该漏洞源于使用存在漏洞的gSOAP版本,可能导致未经验证的路径遍历攻击。以下产品及版本受到影响:Avid NEXIS E-series、Avid NEXIS F-series、Avid NEXIS PRO+和System Director Appliance (SDA+) 2025.5.1之前版本。
Description (English)
Avid NEXIS E-series are all virtual storage platforms of the American company Avid. There is a safety loophole in Avid’s multiple products, which stems from the use of the gSOAP version, which contains loopholes, and which could lead to unverified path attacks. The following products and versions were affected: Avid NEXIS E-services, Avid NEXIS F-services, Avid NEXIS PRO+ and System Director Application (SDA+) 2025.5.1.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Avid
Published
2025-07-14
Last Modified
2026-02-24
References
https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html https://www.genivia.com/changelog.html https://resources.avid.com/SupportFiles/attach/AvidNEXIS/AvidNEXIS_2025_5_1_ReadMe.pdf https://access.redhat.com/security/cve/cve-2024-26293
Patch
https://kb.avid.com/pkb/articles/troubleshooting/en239659
Share on: